Exam Profile: CompTIA's New Security+ SY0-401 Exam
The CompTIA Security+ certification is an entry-level certification focused on IT security. A security professional with the Security+ certification is expected to have at least two years of experience in IT administration with a focus on security. However, this two-year requirement is not as strict as it with some other security certifications, and it is not enforced. In other words, as long as you can pass the exam, you earn the certification.
Security+ has gained a lot of recognition in the past few years and is a required certification by many organizations. For example, the U.S. Department of Defense (DoD) published DoD directive 8570, requiring many administrators to have at least a Security+ certification. This includes active duty personnel, civilians, and contractors. Many IT contracts specifically state that hired contractors must have at least the Security+ certification to work on the contract, so having this on your resume often opens many more doors of opportunity.
Security+ started with the SY0-101 version, was revised in 2008 to the SY0-201 version, and revised in 2011 to the SY0-301 version. It has been revised again as SY0-401, and the SY0-401 version became available in May 2014. However, the current SY0-301 version will be available until Dec. 31, 2014.
A common question I’ve been asked is “Does it matter which exam I take?” The short answer is no. You earn the same certification with both exams, and the certification must be renewed within three years or it will expire. At this moment, there is much more training material out on the SY0-301 exam, so if you want to earn the Security+ certification go for the current SY0-301 exam. Publishers and training companies are working behind the scenes to get updated materials out for the SY0-401 exam (such as the CompTIA Security+ SY0-401 Authorized Cert Guide), and as we get closer to December 2014, there will be a lot more material available.
Certifications Must Be Renewed
Anyone that took and passed the Security+ certification on or before December 31, 2010, is certified for life. However, anyone certified after December 31, 2010, is only certified for three years from the date they first became certified. This renewal also applies for anyone with the CompTIA A+ and Network+ certifications, but not any other CompTIA certifications. This policy is in line with other certifications such as (ISC)2’s SSCP and CISSP, and Cisco’s CCNA. It became a requirement after the A+, Network+ and Security+ certifications became accredited under ANSI/ISO/IEC 17024. You can read more on the certification renewal policy here.
There are two basic requirements to renew the Security+ certification:
- Earn at least 50 continuing education units (CEUs)
- Pay an annual fee of $49 (for a total of $147)
There are multiple ways you can earn CEUs. For example, you can take non-degree courses or training sessions relevant to Security and earn 1 CEU for each hour of training up to a maximum of 40 CEUs. If you took a 40-hour SSCP training course, you’d earn 40 CEUs. Similarly, you can earn as many as 20 CEUs for creating and presenting IT Security related material. You’ll earn 2 CEUs for each hour spent on creating the material, and 1 CEU for each hour you spend presenting the material. Different activities have different submission requirements. For example, when attending a class, you need to be able to provide a description of the training, the content covered, dates, hours, and proof of completion.
You can also earn a full 50 CEUs if you complete a qualified higher level certification. There are many higher level certifications that fall into this category, A few are: SANS GSE, SCP SCNP, ISACA CISA, (ISC)2 SSCP or CISSP, Microsoft MCSA or MCSE, and Cisco CCNA Security. While Microsoft’s MCITP certifications aren’t currently listed, some of them probably will be at some point in the future.
You can view a full listing of all qualifying activities to earn CEUs, and all approved higher level certifications here.
It’s expected that you’ll earn the 50 CEUs over the course of a three-year period. For example, you may earn 10 credits the first year and 20 credits in years 2 and 3, for a total of 50 credits. However, you have to earn the 50 CEUs at some point within the three year cycle, and submit the CEUs to CompTIA or your certification will expire. When you submit the CEUs for evaluation, you’ll be required to pay the annual fee, and you can pay for all three years at once. If you don’t submit CEUs in years 1 and 2, and want to submit 50 CEUs in year 3, you’ll still be required to pay a total of $147. After you submit the CEUs, they’ll be evaluated to ensure they meet the requirements and you’ll be certified for another three years.
SY0-401 Exam Details:
- Number of questions: 90
- Type of Questions: Multiple choice and performance-based
- Passing score: 750 on a scale of 100 to 900
- Time limit: 90 minutes
- Exam price: $293 in the US.
- How to register: Pearson Vue
- Time to get results: You’ll know as soon as you complete the exam if you passed or not.
Some questions may be beta questions put in for research purposes and they aren’t graded. However, you’ll never know which ones are beta questions and which ones are graded, so you must answer each question as though it’s a valid question.
If you show up and don’t answer a single question, you’ll get a score of 100. If you ace the exam, you’ll get a score of 900.
You can take the exam at any Pearson Vue test center. If you know of one near you, you can call them directly to register, or you can register online. This Pearson Vue site will help you locate a Pearson Vue testing center close to you.